Learn More about GuardRail
Free Demo

ChefConf 2015 Debriefing

Last week, we repped our set at ChefConf 2015 and gave a couple hundred live GuardRail demos to attendees. We saw a few talks and caught up with some old friends, too. It was a great time and we’ll definitely be back next year.

Read More

Topics: #ChefConf

3 Steps for Integrating Security into DevOps

The fate of CSO John in The Phoenix Project is a good parable for illustrating the dynamic and often conflicted relationship between Security and IT Operations. Security can either become a separate, obscure, and increasingly irrelevant group that everyone else resents–sounds pretty good, huh?–or it can be integrated into broader framework of the development cycle. Security John goes through a mental breakdown before finally understanding how to adapt and survive, but it doesn't have to be that hard.

Read More

Generating Chef Recipes from Existing Configs

We've covered the benefits and pitfalls of configuration management tools like Chef in many articles. But let's assume you've done your homework and decided Chef is the tool for you. How do you get started?

Read More

Declarative vs. Imperative Models for Configuration Management: Which Is Really Better?

As a group of concepts, DevOps has converged on several prominent themes including continuous software delivery, automation, and configuration management (CM). These integral pieces often form the pillars of an organization’s DevOps efforts, even as other bigger pieces like overarching best practices and guidelines are still being tried and tested. Being that DevOps is a relatively new paradigm - movement - methodology - [insert your own label here], standards around it have yet to be codified and set in stone. Organizations are left to identify tools and approaches most suitable for their use cases, and will either swear by or disparage them depending on their level of success.

Read More

Another Day, Another OpenSSL Vulnerability

If you're one of the unfortunate ones who woke up to a frantic text from their boss this morning, there's some small consolation: today's OpenSSL vulnerabilities probably aren't as horrific as Heartbleed! Hooray, great job everyone! The bad news is that you still have to patch your environment, and before you can even do that—do you even know what you've got?

There's a kind of configuration "fog of war" over IT that's been a fact of life for as long as IT has been around, especially in established environments. Sure, you could manually dig into each machine and run openssl version, or spend the afternoon scripting a solution if you're fancy, but that amount of work will only get you through today. You need to make room in your tool chest for a universal configuration scanner and system of record.

Read More

GuardRail and COBIT for SOX Compliance

Sarbanes-Oxley (SOX) compliance—it’s like checking for holes in your favorite pair, but with consequences beyond public embarrassment. For publicly traded companies, the ordeal is a bit like income tax preparation for the rest of us: a painful, time-consuming evil that—if not carried out judiciously—may result in penalties and fines. Throw in an additional bonus of prison time for good measure, if you’re a C-level executive and discrepancies are found on your watch. Yes, the SEC is serious about SOX compliance, and you should be, too—especially if you’re in IT.

Read More

Apple's $20M Configuration Problem

This week, Apple’s App Store and iTunes Store suffered a downtime of about 10 hours. For the better part of the day, customers were unable to access the stores, purchase music or apps, or make payments using the Apple Pay payment system. The problem has been attributed to “a configuration blunder” of its DNS setup.

Read More

Don’t Make An Anthem Out Of Compliance

Audits are one of life’s greatest pleasures, right up there with root canals and childbirth. Firms love them, too; alongside tax audits-- financial audits, records audits, and compliance audits make life splendid for businesses. Unfortunately, compliance is an unwieldy but necessary evil-- that is, unless you’re America’s 2nd biggest health insurer.

Read More

Getting Started with the GuardRail Connection Manager

We recently rewrote the GuardRail agent as a connection manager to reap the benefits of agentless monitoring. Why get rid of agents? Because agents must be updated. They are like a free puppy–it's easy to take them home but you have to feed them, take them to the vet, and clean up after them for years afterward. The new connection manager allows for an agentless architecture while keeping all SSH activity behind your firewall. It's fast, light, easy to maintain, and secure.

Read More

Testing for Samba CVE-2015-0240 with GuardRail

Microsoft has announced a vulnerability in Samba, the widely used SMB/CIFS protocol for Windows/*nix interoperability. The vulnerability exists in versions 3.5.0 to 4.2.0rc4 and allows malicious clients to manipulate the host such that clients can execute code via a netlogon packet.

Read More

About Us

We make a no-nonsense platform for maintaining consistency across environments. You can try it for free because we like you.

Subscribe to ScriptRock's DevOps Blog